SCM/JIRA link daemon added a comment - 2017-12-14 19:45
Code changed in jenkins
User: Wadeck Follonier
Path:
core/src/main/java/hudson/Functions.java
core/src/main/java/hudson/cli/CLICommand.java
core/src/main/java/hudson/cli/ClientAuthenticationCache.java
core/src/main/java/hudson/cli/LoginCommand.java
core/src/main/java/hudson/cli/LogoutCommand.java
core/src/main/java/hudson/model/User.java
core/src/main/java/hudson/security/ACL.java
core/src/main/java/hudson/security/BasicAuthenticationFilter.java
core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
core/src/main/java/jenkins/security/SecurityListener.java
test/src/test/java/hudson/security/CliAuthenticationTest.java
test/src/test/java/jenkins/security/BasicHeaderProcessorTest.java
test/src/test/java/jenkins/security/SpySecurityListener.java
http://jenkins-ci.org/commit/jenkins/b7f42b2e59b2081782d6e51da18b0c93808d98da
Log:
JENKINS-27027 Notify the SecurityListener on authentication (#3074)
JENKINS-27026 Notify the SecurityListener in case of Token based authentication success
Due to the current version of the method, the UserDetails required for the event was not accessible. In order to stay with the same API in SecurityListener, two "protected" methods were created to split the job and make the UserDetails accessible
- add test to ensure the SecurityListener is called for REST Token but also for regular basic auth
- remove the comment about the split, will be put in GitHub comment instead
- add check for anonymous call instead of just putting a comment
remove the constructor in the dummy
add link to PR from Daniel to simplify a call
- separate the before/after to save one clear and be more explicit
put more meaning in the assertLastEventIs method by explicitly saying we will remove the last event
- add comment about why we do not fire the "failedToAuthenticated" in the case of an invalid token (tips: it's because it could be a valid password)
- also add the authenticated trigger on legacy filter as pointed out by Ivan
- add support of event on CLI remoting authentication
adjust tests by moving the helper class used to spy on events
- as mentioned by Yvan, the code had some problems with null checking, so the approach is changed in order to encapsulate all that internal mechanism
- add javadoc
open the getUserDetailsForImpersonation from the User (will let the SSHD module retrieve UserDetails from that)
- remove single quote in log messages
- basic corrections requested by Jesse
- just another typo
- adjust the javadoc for SecurityListener events
- add the link to Jenkins#Anonymous
- add link (not using see)
- update comment on the isAnonymous as we (me + Oleg) do not find a best place at the moment
- put the new method isAnonymous in ACL instead of Functions
- little typo
add requirement about the SecurityContext authentication